-
Notifications
You must be signed in to change notification settings - Fork 1k
Man page
testssl.sh -- check encryption of SSL/TLS servers
testssl.sh [OPTIONS]... [FILE|URI]...
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as cryptographic flaws and much more.
Options are either short or long options. All options requiring a value can be called with or without '=' e.g. testssl.sh -t=smtp --wide --openssl=/usr/bin/openssl <URI> is equivalent to testssl.sh --starttls smtp --wide --openssl /usr/bin/openssl <URI>. Some options can also be preset via ENV variables. WIDE=true OPENSSL=/usr/bin/openssl testssl.sh --starttls smtp <URI> would be the equivalent to the aforementioned examples. Preference has the command line over ENV.
\<URI\> or \<FILE\> needs always to be the last parameter.
-h, --help command line help
-b, --banner displays testssl.sh banner, including license, usage conditions, version of testssl.sh, detected openssl version, its path to it, # of ciphers of openssl, its build date and the architecture
-v, --version same as before
-V, --local <pattern> or -V, --local pretty print all local ciphers supported by openssl version. If a pattern is supplied it performs a match (ignore case) on any of the strings supplied in the wide output, see below. The pattern will be searched in the any of the columns: hexcode, cipher suite name (OpenSSL or RFC), key exchange, encryption, bits. It does a word pattern match for non-numbers, for number just a normal match applies. Numbers here are defined as [0-9,A-F]. This means (attention: catch) that the pattern CBC is matched as non-word, but AES as word.
URI can be a hostname, an IPv4 or IPv6 address (restriction see below) or an URL. IPv6 addresses need to be in square brackets. For any given parameter port 443 is assumed unless specified by appending a colon and a port number. The only preceding protocol specifier allowed is https. You need to be aware that checks for an IP address might not hit the vhost you want. DNS resolution (A/AAAA record) is being performed unless you have an /etc/hosts entry for the hostname.
--file <fname> is the mass testing option. Per default it implicitly turns on --warnings batch.
In its first incarnation the mass testing option reads command lines from \<fname\>. \<fname\> consists of command lines of testssl, one line per instance. Comments after # are ignored, EOF signals the end of <fname> any subsequent lines will be ignored too. You can also supply additional options which will be inherited to each child, e.g. When invoking testssl.sh --wide --log --file <fname> . Each single line in \<fname\> is parsed upon execution. If there's a conflicting option and serial mass testing option is being performed the check will be aborted at the time it occurs and depending on the output option potentially leaving you with an output file without footer. In parallel mode the mileage varies.
Alternatively \<fname>\ can be in nmap's grep(p)able output format (-oG). Only open ports will be considered. Multiple ports per line are allowed. The ports can be different and will be tested by testssl.sh according to common practice in the internet, .i.e. if nmap shows in its output an open port 25, automatically -t smtp will be added before the URI whereas port 465 will be treated as a plain TLS/SSL port, not requiring an STARTTLS SMTP handshake upfront.
The nmap output always returns IP addresses and -- only if there's a PTR DNS record available -- a hostname. As it is not checked by nmap whether the hostname matches the IP (A or AAAA record), testssl.sh does this for you. If the A record of the hostname matches the IP address, the hostname is used and not the IP address. As stated above, checks against an IP address might not hit the vhost you maybe were aiming at.
--mode <serial|parallel>. Mass testing to be done serial (default) or parallel (--parallel is shortcut for the latter, --serial is the opposite option). Per default mass testing is being run in serial mode, i.e. one line after the other is processed and invoked. The variable MASS_TESTING_MODE can be defined to be either equal serial or parallel.
-t, --starttls <protocol> does a default run against a STARTTLS enabled <protocol>. <protocol> is one of ftp,smtp,pop3,imap,xmpp,telnet,ldap, postgres For the latter three two you need e.g. the supplied openssl.
--xmpphost <jabber_domain> is an additional option for STARTTLS, specifically for STARTTLS enabled XMPP: It expects as a parameter the jabber domain. This is only needed if the domain is different from the URI supplied.
--mx <domain/host> tests all MX records (STARTTLS, port 25) from high to low priority one after the other.
--ip <ip> Tests either the supplied IPv4 or IPv6 address instead of resolving host(s) in URI. IPv6 addresses needs to be in square brackets.
--ip=one means: just test the first DNS returns (useful for multiple IPs). It's also useful if you want to resolve the supplied hostname to a different IP, similar as if you would edit /etc/hosts. --ip=proxy tries a DNS resolution via proxy.
--proxy <host>:<port> Does the whole check via the specified HTTP proxy. --proxy=auto inherits the proxy setting from the environment. Proxying via IPv6 addresses is not possible. The hostname supplied will only be resolved to the first A record. Authentication to the proxy is not supported.
-6 Does (also) IPv6 checks. This works only with both a supporting OpenSSL binary like the one supplied and IPv6 connectivity. testssl.sh does no connectivity checks for IPv6, it also cannot determine reliably whether the OpenSSL binary you are using has IPv6 support.
--ssl-native Instead of using a mixture of bash sockets and openssl s_client connects testssl.sh uses the latter only. This is at the moment faster but provides less accurate results, especially in the client
simulation and if the openssl binary lacks cipher support. For TLS protocol checks and standard cipher lists and certain other checks you will see a warning if testssl.sh internally can tell if one check cannot be performed or will give you inaccurate results. For e.g. single cipher checks (--each-cipher and --cipher-per-proto) you might end up getting false negatives without a warning.
--openssl <PATH> testssl.sh tries very hard to find the binary supplied (from he directory where testssl.sh has been started from, where the tree of testssl.sh resides) and falls back to the one from the OS ($PATH) if that fails. With this option you can point testssl.sh to your binary of choice and override any interal magic to find the openssl binary. OPENSSL=<path_to_openssl> is equivalent.
--bugs does some workarounds for buggy servers like padding for old F5 devices. The option is passed as -bug to openssl when needed, see s_client(1). For the socket part testssl.sh tries its best without that option to cope with broken server implementations.
--assuming-http testssl.sh does upfront a protocol detection on the application layer. In cases where for some reasons the usage of HTTP cannot be automatically detected you may want to use this option. It helps you to tell testssl.sh not to skip HTTP specific tests and to run the client simulation with browsers. Sometimes also the severity depends on the application protocol, e.g. SHA1 signed certificates, the lack of any SAN matches and some vulnerabilities will be punished harder when checking a web server as opposed to a mail server.
testssl.sh URI (testssl.sh URI does everything except -E)
-e, --each-cipher checks each local cipher remotely
-E, --cipher-per-proto checks those per protocol
-f, --ciphers checks common cipher suites
-p, --protocols checks TLS/SSL protocols
-S, --server_defaults displays the servers default picks and certificate info
-P, --preference displays the servers picks: protocol+cipher
-y, --spdy, --npn checks for SPDY/NPN
-x, --single-cipher <pattern> tests matched <pattern> of ciphers
(if <pattern> not a number: word match)
-U, --vulnerable tests all vulnerabilities
-B, --heartbleed tests for heartbleed vulnerability
-I, --ccs, --ccs-injection tests for CCS injection vulnerability
-R, --renegotiation tests for renegotiation vulnerabilities
-C, --compression, --crime tests for CRIME vulnerability
-T, --breach tests for BREACH vulnerability
-O, --poodle tests for POODLE (SSL) vulnerability
-Z, --tls-fallback checks TLS_FALLBACK_SCSV mitigation
-F, --freak tests for FREAK vulnerability
-A, --beast tests for BEAST vulnerability
-J, --logjam tests for LOGJAM vulnerability
-s, --pfs, --fs,--nsa checks (perfect) forward secrecy settings
-4, --rc4, --appelbaum which RC4 ciphers are being offered?
-H, --header, --headers tests HSTS, HPKP, server/app banner, security headers, cookie, reverse proxy, IPv4 address
All output options can also be preset via environment variables.
--warnings <batch|off|false> "batch" doesn't wait for keypress, "off" or "false" skips connection warning
--quiet don't output the banner. By doing this you acknowledge usage terms normally appearing in the banner
--wide wide output for tests like RC4, BEAST. PFS also with hexcode, kx, strength, RFC name
--show-each for wide outputs: display all ciphers tested -- not only succeeded ones
--mapping <no-rfc> don't display the RFC Cipher Suite Name
--color <0|1|2> 0: no escape or other codes, 1: b/w escape codes, 2: color (default)
--colorblind swap green and blue in the output
--debug <0-6> 0: none
1: screen output normal but debug output in temp files.
2: list more what's going on, lists some errors of connections
3: slight hexdumps + other info
4: display bytes sent via sockets
5: display bytes received via sockets
6: whole 9 yards
A few file output options can also be preset via environment variables.
--log, --logging logs stdout to <NODE-YYYYMMDD-HHMM.log> in current working directory
--logfile <logfile> logs stdout to <file/NODE-YYYYMMDD-HHMM.log> if file is a dir or to specified log file
--json additional output of findings to JSON file <NODE-YYYYMMDD-HHMM.json> in cwd
--jsonfile <jsonfile> additional output to JSON and output JSON to the specified file
--csv additional output of findings to CSV file <NODE-YYYYMMDD-HHMM.csv> in cwd
--csvfile <csvfile> set output to CSV and output CSV to the specified file
--html additional output as HTML to file <NODE>-p<port#><YYYYMMDD-HHMM>.html
--htmlfile <htmlfile> additional output as HTML to the specifed file or directory, similar to --logfile
--append if <csvfile> or <jsonfile> exists rather append then overwrite
testssl.sh testssl.sh
does a default run on https://testssl.sh (protocols, standard cipher lists, PFS, server preferences, server defaults, vulnerabilities, testing all (359 possible) ciphers, client simulation.
testssl.sh testssl.net:443
does the same default run as above with the subtle difference that testssl.net has two IPv4 addresses. Both are tested.
testssl.sh --ip=one --wide https://testssl.net:443
does the same checks as above, only (randomly) one IP address is picked. Displayed is everything where possible in wide format.
testssl.sh -t smtp smtp.gmail.com:25
implicilty does a STARTTLS handshake on the plain text port, then check the IPs @ smtp.gmail.com.
testssl.sh --starttls=imap imap.gmx.net:143
does the same on the plain text IMAP port. Please note that for plain TLS-encrypted ports you must not specify the protocol option: testssl.sh smtp.gmail.com:465 tests the encryption on the SMTPS port, testssl.sh imap.gmx.net:993 on the IMAPS port.
0 testssl.sh finished sucessfully
245 no bash used or called with sh
249 temp file generation problem
251 feature not yet supported
252 no DNS resolver found or not executable / proxy couldn't be determined from given values / -xmpphost supplied but OPENSSL too old
253 no SSL/TLS enabled server / OPENSSL too old / couldn't connect to proxy / couldn't connect via STARTTLS
254 no OPENSSL found or not exexutable / no IPv4 address could be determined / illegal STARTTLS protocol supplied / supplied file name not readable
fixme
*etc/pem Certificate stores from Linux, Mozilla Firefox, Windows 7, JDK 8
etc/mapping-rfc.txt provides a file with mapping from OpenSSL cipher suites names to the ones from IANA / used in the RFCs
Developed by Dirk Wetter and others, see https://github.com/drwetter/testssl.sh/blob/master/CREDITS.md
Copyright © 2014 Dirk Wetter. License GPLv2: Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it under the terms of the license. Usage WITHOUT ANY WARRANTY. USE at your OWN RISK!
Known ones and interface for filing new ones: https://testssl.sh/bugs.
ciphers(1), openssl(1)